Pivots

⚠️ IMPORTANT: Pivots in Sliver are used for specifically pivoting C2 traffic, not to be confused with port forwarding portfwd, which is used for tunneling generic tcp connections into a target environment.

⚠️ IMPORTANT: Pivots can only be used in "session mode" (we may add beacon support later)

Pivots allow you to create "chains" of implant connections, for example if you're trying to deploy a pivot into a highly restricted subnet that cannot route traffic directly to the internet you can instead create an implant that egresses all traffic via another implant in a less restricted subnet. Sliver v1.5 and later pivots can be arbitrarily nested, for example a pivot A can connect thru pivot B to a third egress implant.

In Sliver you use an existing session to create a "pivot listener" and then generate new pivots that can connect back to that listener, just as you would with other C2 protocols/endpoints.

Pivots perform an authenticated peer-to-peer cryptographic key exchange regardless of the underlying pivot protocol, therefore pivots can only communicate with other implants generated by the same server. This behavior cannot be disabled.

Connect Back TCP Pivots

TCP pivots are implemented in pure Go and are supported on all platforms.

[*] Session c93136a9 PRIOR_MANTEL - 192.168.1.178:63485 (WIN-1TT1Q345B37) - windows/amd64 - Mon, 24 Jan 2022 19:26:41 CST

[server] sliver > use c93136a9-8a45-4d85-a267-c17a66ffbbb2

[*] Active session PRIOR_MANTEL (c93136a9-8a45-4d85-a267-c17a66ffbbb2)

[server] sliver (PRIOR_MANTEL) > pivots tcp

[*] Started tcp pivot listener :9898 with id 1

[server] sliver (PRIOR_MANTEL) > pivots

 ID   Protocol   Bind Address   Number Of Pivots
==== ========== ============== ==================
  1   TCP        :9898                         0

Named Pipe Pivots (SMB)

Named pipe pivots are only supported on Windows.